Use the Integrity Monitoring module of Deep Security to monitor and detect the created files under a specific folder.
To monitor the created files, create a custom rule that targets the directory:
- On the Deep Security console, go to Policies > Common Objects.
- Navigate to Rules > Integrity Monitoring Rules.
- Click New and select New Integrity Monitoring Rule.
- Go to Content tab.
- Choose File for Template.
- Enter the path on the Base Directory field.
- Enable the Include Sub Directories checkbox.
- On the section Include Files With Names Like, input asterisk (*) to match zero or more characters.
- Click Apply to save the new rule.
Based on the sample above, it will detect any created files under the /test/ directory. The event will look similar to the following: